Synthetic identification protocol apparatus and method

ABSTRACT

A control circuit receives personally identifiable information that corresponds to a particular entity. The control circuit uses that personally identifiable information to access a block chain ledger that serves as an identity block chain ledger. The control circuit then receives a synthetic identifier from the block chain ledger. This synthetic identifier correlates to the aforementioned personally identifiable information and also correlates to other data that corresponds to the particular entity and which other data is stored in a data storage element other than the block chain ledger.

RELATED APPLICATION(S)

This application claims the benefit of U.S. Provisional application No.62/666,598, filed May 3, 2018, which is incorporated by reference in itsentirety herein.

This application claims the benefit of U.S. Provisional application No.62/676,217, filed May 24, 2018, which is incorporated by reference inits entirety herein.

This application claims the benefit of U.S. Provisional application No.62/682,086, filed Jun. 7, 2018, which is incorporated by reference inits entirety herein.

TECHNICAL FIELD

These teachings relate generally to identification-based protocols.

BACKGROUND

Online storage facilities are often employed to store informationprovided by or that otherwise corresponds to particular entities such asindividuals and businesses. Various security measures are often employedto attempt to preserve the veracity of and to otherwise protect theconfidentiality of such information and privacy of the entities sorepresented. Unfortunately, security breaches can and do occur. In manytypical prior art approaches, once an unauthorized person gains accessto the stored information, the proverbial horse is out of the barn andaccessed information can be correlated to the corresponding entities.

BRIEF DESCRIPTION OF THE DRAWINGS

The above needs are at least partially met through provision of thesynthetic identification protocol apparatus and method described in thefollowing detailed description, particularly when studied in conjunctionwith the drawings, wherein:

FIG. 1 comprises a block diagram as configured in accordance withvarious embodiments of these teachings;

FIG. 2 comprises a block diagram as configured in accordance withvarious embodiments of these teachings;

FIG. 3 comprises a flow diagram as configured in accordance with variousembodiments of these teachings; and

FIG. 4 comprises a signal flow diagram as configured in accordance withvarious embodiments of these teachings.

Elements in the figures are illustrated for simplicity and clarity andhave not necessarily been drawn to scale. For example, the dimensionsand/or relative positioning of some of the elements in the figures maybe exaggerated relative to other elements to help to improveunderstanding of various embodiments of the present teachings. Also,common but well-understood elements that are useful or necessary in acommercially feasible embodiment are often not depicted in order tofacilitate a less obstructed view of these various embodiments of thepresent teachings. Certain actions and/or steps may be described ordepicted in a particular order of occurrence while those skilled in theart will understand that such specificity with respect to sequence isnot actually required. The terms and expressions used herein have theordinary technical meaning as is accorded to such terms and expressionsby persons skilled in the technical field as set forth above exceptwhere different specific meanings have otherwise been set forth herein.The word “or” when used herein shall be interpreted as having adisjunctive construction rather than a conjunctive construction unlessotherwise specifically indicated.

DETAILED DESCRIPTION

Generally speaking, pursuant to these various embodiments a controlcircuit receives personally identifiable information that corresponds toa particular entity. The control circuit uses that personallyidentifiable information to access a block chain ledger that serves asan identity block chain ledger. The control circuit then receives asynthetic identifier from the block chain ledger. This syntheticidentifier correlates to the aforementioned personally identifiableinformation and also correlates to other data that corresponds to theparticular entity and which other data is stored in a data storageelement other than the block chain ledger.

So configured, and by one approach, a requesting entity provides thepersonally identifiable information to the control circuit which thenprovides that personally identifiable information to the block chainledger to thereby receive, in turn, the corresponding syntheticidentifier. The control circuit can then provide that syntheticidentifier to the requesting entity. The requesting entity can use thatsynthetic identifier to access the aforementioned data storage elementto thereby retrieve the aforementioned other data.

The personally identifiable information can include data thatcorresponds to the aforementioned particular entity other than incontext with respect to the synthetic identifier. Useful examplesinclude, but are not limited to, a person's or company's name, ataxpayer number, a Social Security number, a date of birth, a passportnumber, a military identification number, a physical mailing address,and so forth. As one illustrative non-limiting example, a requiredformat for personally identifiable information for an entity that is aperson within the United States could be “first_name, last_name,social_security_number, date_of_birth.”

The aforementioned synthetic identifier, by way of contrast, servesspecifically and only to correlate the particular entity to theaforementioned other data. With this in mind, the aforementioned blockchain ledger, when serving as an identity block chain ledger, may, byone approach, only serve to correlate personally identifiableinformation with corresponding synthetic identifiers to thereby respondappropriately to personally identifiable information queries (inaddition to possibly also serving to generate or otherwise assignsynthetic identifiers to such personally identifiable information).

By one approach, the synthetic identifier correlated to a specificplurality of items of personally identifiable information is generatedthrough a computation of choice performed on the aforementioned blockchain ledger.

The aforementioned personally identifiable information and/or syntheticidentifier can be transmitted wholly in the clear or, in thealternative, may be transmitted partially or wholly as non-clearinformation. Non-clear information will be understood to refer toinformation that has been processed in order to provide privacy-basedsecurity that renders the information unintelligible to unauthorizedpersons who lack other information (such as a decryption key) requiredto render the information intelligible. As one non-limiting example,this can comprise rendering the information unintelligible in such a waythat no information other than the clear information used to generatethe non-clear information can be used to statistically orcomputationally infer any elements of the clear information, but throughsuch a process that any two distinct values of non-clear information areconsistently processed into two distinct values of non-clearinformation. Examples include but are not limited to encryption andcollision-resistant cryptographic hash functions.

So configured, both veracity and privacy regarding the connectionbetween specific entities and other information can be reliably guardedand preserved while still offering relatively convenient access toauthorized entities having need of such information.

So configured, two distinct particular entities will be distinguishableby their synthetic identifiers without introducing the risk of assigningthe same synthetic identifier to multiple entities.

These and other benefits may become clearer upon making a thoroughreview and study of the following detailed description. Referring now tothe drawings, and in particular to FIG. 1, an illustrative apparatusthat is compatible with many of these teachings will now be presented.

FIG. 1 presents an illustrative example of an identity locator 100. Thisidentity locator 100 includes a control circuit 101. Being a “circuit,”the control circuit 101 therefore comprises structure that includes atleast one (and typically many) electrically-conductive paths (such aspaths comprised of a conductive metal such as copper or silver) thatconvey electricity in an ordered manner, which path(s) will alsotypically include corresponding electrical components (both passive(such as resistors and capacitors) and active (such as any of a varietyof semiconductor-based devices) as appropriate) to permit the circuit toeffect the control aspect of these teachings.

Such a control circuit 101 can comprise a fixed-purpose hard-wiredhardware platform (including but not limited to an application-specificintegrated circuit (ASIC) (which is an integrated circuit that iscustomized by design for a particular use, rather than intended forgeneral-purpose use), a field-programmable gate array (FPGA), and thelike) or can comprise a partially or wholly-programmable hardwareplatform (including but not limited to microcontrollers,microprocessors, and the like). These architectural options for suchstructures are well known and understood in the art and require nofurther description here. This control circuit 101 is configured (forexample, by using corresponding programming as will be well understoodby those skilled in the art) to carry out one or more of the steps,actions, and/or functions described herein.

By one optional approach the control circuit 101 operably couples to amemory 102. This memory 102 may be integral to the control circuit 101or can be physically discrete (in whole or in part) from the controlcircuit 101 as desired. This memory 102 can also be local with respectto the control circuit 101 (where, for example, both share a commoncircuit board, chassis, power supply, and/or housing) or can bepartially or wholly remote with respect to the control circuit 101(where, for example, the memory 102 is physically located in anotherfacility, metropolitan area, or even country as compared to the controlcircuit 101).

In addition to the relevant information content described herein, thismemory 102 can serve, for example, to non-transitorily store thecomputer instructions that, when executed by the control circuit 101,cause the control circuit 101 to behave as described herein. (As usedherein, this reference to “non-transitorily” will be understood to referto a non-ephemeral state for the stored contents (and hence excludeswhen the stored contents merely constitute signals or waves) rather thanvolatility of the storage media itself and hence includes bothnon-volatile memory (such as read-only memory (ROM) as well as volatilememory (such as a dynamic random access memory (DRAM).)

In this example the control circuit 101 operably couples to one or morenetwork interfaces 103 that provide access to one or more networkelements external to the identity locator 100. Numerous examples ofnetwork interfaces are known in the art. A non-exhaustive listing wouldinclude Universal Serial Bus (USB)-based interfaces, RS232-basedinterfaces, I.E.E.E. 1394 (aka Firewire)-based interfaces,Ethernet-based interfaces, any of a variety of so-called Wi-Fi™-basedwireless interfaces, Bluetooth™-based wireless interfaces, cellulartelephony-based wireless interfaces, Near Field Communications(NFC)-based wireless interfaces, standard telephone landline-basedinterfaces, cable modem-based interfaces, and digital subscriber line(DSL)-based interfaces. Such interfaces can be selectively employed tocommunicatively couple the identity locator 100 to another such machine,to a local area network, or to any of a variety of networks 104including wide area networks or extranets (such as, but not limited to,the Internet). So configured the control circuit 101 can communicatewith other elements (both within the identity locator 100 and externalthereto) via the network interface 103. Network interfaces, includingboth wireless and non-wireless platforms, are well understood in the artand require no particular elaboration here.

By one optional approach the control circuit 101 also operably couplesto a user interface 105. This user interface 105 can comprise any of avariety of user-input mechanisms (such as, but not limited to, keyboardsand keypads, cursor-control devices, touch-sensitive displays,speech-recognition interfaces, gesture-recognition interfaces, and soforth) and/or user-output mechanisms (such as, but not limited to,visual displays, audio transducers, printers, and so forth) tofacilitate receiving information and/or instructions from a user and/orproviding information to a user. Such a user interface 105 can behelpful, for example, to properly configure, maintain, and/or operatethe identity locator 100.

FIG. 2 presents an illustrative application setting 200. It will beunderstood that the specific details provided in these regards areintended to serve an illustrative purpose and are not necessarilyintended to suggest any limitations with respect to these teachings.

In this example the aforementioned identity locator 100 may comprise, ifdesired, one of a plurality of identity locators 100. There may be, forexample, a first through an Nth identity locator 100 (where uppercaseand comprises an integer greater than 1).

At least one of the identity locators 100 operably couples to at leastone identity block chain ledger 201. By one approach, there can be aplurality of such block chain ledgers where each of the block chainledgers 201 is specific to a corresponding region (such as a particulargeographic region, a political region, or an economic region). The blockchain ledger 201 can comprise a public or private ledger as desired.Generally speaking, block chain ledgers are, in and of themselves, wellunderstood in the art and do not require further elaboration here.

By one approach, the collection of identity locators 100 is partitionedsuch that each sub-collection within the partition may only interactwith a block chain ledger which is specific to a corresponding region.So configured, elements of personally identifiable information andsynthetic identifiers can be reliably separated so as to quarantine thepossibility of an (authorized or unauthorized) person compromising theinformation to one region.

This (or these) identity block chain ledger 201 stores information thatcorrelates various items comprising personally identifiable informationto corresponding synthetic identifiers. In a typical applicationsetting, a single synthetic identifier will correlate to a plurality ofdifferent items of personally identifiable information that may allthemselves correlate to only a single particular entity. For example, agiven synthetic identifier may correlate to both a Social Securitynumber and a passport number, but, in the absence of error, thatsynthetic identifier will only correlate to one particular entity (i.e.,a particular person who has been assigned both that Social Securitynumber and that passport number). By one approach these syntheticidentifiers serve as a bridge that tethers the conceptualization ofidentifiers from other modalities (such as government issuedidentifiers, corporate identifiers, self-sovereign identifiers, and soforth) to a synthetic identity.

By one approach, the identity block chain ledger 201 is operated by oneor more of the plurality of identity locators 100 (which is to say, anenterprise that owns and/or otherwise controls that identity locator).

By one approach the synthetic identifier is not derived from norotherwise based in any way on the personally identifiable informationfor a particular entity. Instead, the only intentional and process-basedconnection/relationship between such datum and a given syntheticidentifier is the mapped relationship therebetween. For example, asynthetic identifier can be assigned by simply randomly generating a onehundred-character alphanumeric string (after confirming that theresultant string has not already been assigned). The specific contentsof such a string are not and cannot be derived from the contents of thecorresponding personally identifiable information nor is the reversepossible.

By one approach, a given synthetic identifier may correlate to any oneof a plurality of personally identifiable information items. By anotherapproach, it may be required that a given synthetic identifier beaccessible only upon presenting two or more items of personallyidentifiable information that all correlate to a particular givenentity. By yet another approach, it can be required that a givensynthetic identifier is only accessible upon presenting a specificplurality of specific items of personally identifiable information, suchthat a failure to present all of the specifically required items will beinsufficient to access a synthetic identifier. In any event, a givensynthetic identifier may not be accessible upon presentation of only oneitem of personally identifiable information even when the latter iscorrect and appropriate.

For the sake of an illustrative example, and without intending tosuggest any particular limitations in these regards, a syntheticidentifier can be formulated and assigned for a particular entity asfollows.

First, the personally identifiable information (PII) of the particularentity is converted to a canonical format id_(raw) and the PII hash iscalculated as h_(u)=H

id_(raw)

, where H is a cryptographically secure hash function such as SHA256.

Second, h_(D) is truncated as the first D digits of h_(u), where D is adefined parameter for K-anonymization (where the K in K-anonymizationrefers to the expected fraction of results returned by the query; forexample, if D=10 then K=2{circumflex over ( )}10= 1/1024.

Next, one selects arbitrary m identity locators 100 that serve theparticular identity Block chain ledger 201 of interest. One then sends aLocate Synthetic Identifier request to the selected m identity blockchain ledgers 201 with h_(k) as the payload.

In this example, each recipient identity locator 100 that receives theaforementioned request then responsively does the following thefollowing:

-   -   Queries its database for all entries where the PII Hash begins        with h_(k);    -   Where the query returns n records, the query will be data of the        form    -   {h¹: synthetic identifer¹,    -   . . . ,    -   h^(n): synthetic identifier^(n)};    -   Prepare a response by encrypting all instances of h and        synthetic identifer using the AES256e function with the PII        hashes themselves as the key such that the response looks like:    -   {AES256e(h¹, h¹, AES256e(synthetic identifier¹, h¹)    -   . . . ,    -   AES256e(h^(n), h^(n)): AES256e(synthetic identifer^(n), h^(n))}

The foregoing response can then be returned to the instigating party.

For each h in the response as received from each identity locator 100,the relevant party can decrypt each h^(x) in the response using theAES256d(secret, key) function with the original PII hash h_(u) (as wasearlier created) as the secret and comparing the plaintext value to h.(If no h_(u) is found after decrypting all instances of h^(x), it meansthat no synthetic identifier has been created for this entity. Aspecific set of steps outlined below can then be employed to create anew synthetic identifier.)

Only one hash h^(x) will decrypt such that the plaintext result is equalto the original PII hash h_(u) and the synthetic identifier being soughtwill be the synthetic identifier^(x) associated with h^(x).

By one approach, when using a plurality of identity block chain ledgers201, different synthetic identifiers as presented to different identityblock chain ledgers 201 can be returned when presented with the samepersonally identifiable information. This approach can facilitateparsing other data for a particular entity 204 in various ways, with theindividual segregated units of other data being accessed via differentcorresponding synthetic identifiers. As one simple example, all medicalinformation for a particular entity 204 may be associated with a firstsynthetic identifier while all financial information for that sameparticular entity 204 is associated with a second, different syntheticidentifier. Accordingly, to accommodate such an approach, a first one ofthe identity block chain ledgers 201 can represent medical informationuse cases while a second one of the identity block chain ledgers 201 canrepresent financial information use cases.

By one approach, the identity locator 100 and the identity block chainledger 201 may have a preestablished relationship with one another topermit and facilitate the communications described herein. By anotherapproach, in lieu of the foregoing or in combination therewith, theidentity locator 100 and the identity block chain ledger 201 may utilizea unique and possibly confidential or otherwise secured communicationsprotocol to facilitate the exchange of information as described herein.

In this illustrative example the identity locator 100 also operablycouples (via, for example, the above-described network interface 103) toat least one requesting entity 202. (In a typical application settingthe identity locator 100 may be accessible by any of a large pluralityof requesting entities 202. For the sake of clarity and a simpleexample, only one requesting entity 202 appears in this example.)

The requesting entity 202, in turn, operably couples to one or more datastorage elements 203. Each such data storage element 203 stores datacomprising other data corresponds to synthetic identifiers forcorresponding particular entities. This other data may constitute, forexample, further metadata regarding the particular entity including butnot limited to financial information, life experience information,metadata stemming from corporate processes (such as in anti-fraudmeasures or device verification), and facts or opinions regarding whichthe particular entity can attest, to note but a few examples in theseregards.

By one approach, if desired, the data storage element 203 can itselfconstitute a block chain ledger. Again, in such a case, the B blockchain ledger can constitute a public or private block chain ledger asdesired.

Generally speaking, the data storage element 203 is configured toreceive a synthetic identifier (for example, as provided by therequesting entity 202) and to employ that synthetic identifier to accessand identify other data that correlates to that synthetic identifier.The data storage element 203 can then be further configured to providesome or all of the foregoing other data in response to a network elementthat proffers that synthetic identifier. The other data, when and soprovided, can be provided as clear information or, if desired, asnon-clear information (in whole or in part).

Also in this illustrative example, the requesting entity 202 operablycouples to a particular entity 204. This particular entity 204 canconstitute an individual person, a company, a governmental agency, aneducational institution, and so forth as desired. In this example, it isthis particular entity 204 that provides personally identifiableinformation regarding itself to the requesting entity 202. By oneapproach, the particular entity 204 provides self-selected items ofpersonally identifiable information. By another approach, in lieu of theforegoing or in combination therewith, the particular entity 204provides one or more items of personally identifiable information thatare specifically requested or otherwise required by the requestingentity 202. (The personally identifiable information can be provided tothe requesting entity 202 using any of a variety of input/transmissionmechanisms and or methodologies. As the present teachings are not overlysensitive to any particular choices in these regards, furtherelaboration in these regards is not provided here for the sake ofbrevity.)

FIG. 3 presents a process 300 that can be utilized in the applicationsetting 200 described in FIG. 2 as well as other application settings.This illustrative example presumes that a control circuit of choice(such as the above-described control circuit 101 of the identity locator100) carries out the steps, activities, and functionality of thisprocess 300.

At block 301 the control circuit 101 receives personally identifiableinformation that corresponds to a particular entity 204. For the sake ofan example it is presumed here that the particular entity 204 is aperson and that the control circuit 101 received that personallyidentifiable information from a requesting entity 202. In a typicalapplication setting the requesting entity 202 will be different anddistinct from the particular entity 204 (though it is possible that itmay be useful for the requesting entity 202 and the particular entity204 to be one and the same for some use cases).

By one approach the personally identifiable information received by thecontrol circuit 101 constitutes clear information (i.e., informationthat has not been encrypted via an encryption key nor information thathas been processed via, for example, a cryptographic hash function; itwill be understood by those skilled in the art that clear informationmay nevertheless be encoded or otherwise modified in order to betterensure reliable transmission and reception and/or to otherwiseaccommodate the specific parameters of the transmission protocol). Byanother approach the personally identifiable information received by thecontrol circuit 101 constitutes non-clear information (i.e., informationthat has been encrypted via an encryption key and/or information thathas been processed via, for example, a cryptographic hash function).When the control circuit 101 receives non-clear personally identifiableinformation, this process 300 can provide, as shown at optional block302, for processing the non-clear personally identifiable information torecover clear personally identifiable information to thereby permitfollow-on use of an intelligible version of the personally identifiableinformation.

At block 303 the control circuit 101 uses the personally identifiableinformation (either as originally received (clear or non-clear) or aspartially or wholly processed (for example, to recover clear contentfrom received non-clear content)) to access a block chain ledger such asthe above-described identity block chain ledger 201. This can comprise,for example, transmitting the personally identifiable information to theidentity block chain ledger 201 via the aforementioned network interface103, possibly in combination with other information such as the identityor address of the requesting entity, an authorization code or digitalsignature, and so forth.

By one approach the control circuit 101 provides the personallyidentifiable information to the identity block chain ledger 201 in adiscrete transmission that does not include other items of personallyidentifiable information. By another approach the control circuit 101provides the personally identifiable information to the identity blockchain ledger 201 in a batch transmission that includes personallyidentifiable information for a plurality of different correspondingparticular entities 204.

By one approach, at block 304 the control circuit 101 then receives fromthe block chain ledger 201 a synthetic identifier that correlates to thepersonally identifiable information that the control circuit 101provided to the block chain ledger 201. As noted above, this syntheticidentifier was previously (i.e., prior to the aforementioned requestbeing proffered by the control circuit 101) correlated with other datathat corresponds to the particular entity that is stored elsewhere otherthan at the identity block chain ledger 201. This other data may becontent authored/created by or otherwise provided by the particularentity. By another approach this other data may comprise, in whole or inpart, content that was authored/created by or otherwise provided by anentity other than the particular entity (such as, but limited to,personal references, business associates, investigative agencies, creditreporting operations, academic institutions, or military services, tonote but a few).

In many (though not necessarily all) application settings, and asprovided at block 305, the control circuit 101 can then provide theaforementioned synthetic identifier to, for example, a correspondingrequesting entity 202. Such information can be provided in a clear ornon-clear manner as desired.

FIG. 4 presents an exemplary sequence of actions in the foregoingregards. With continuing reference to FIG. 2 as well, in this example aparticular entity 204 transmits (at 401) personally identifiableinformation that correlates specifically and directly to the particularentity 204 to a requesting entity 202. The requesting entity 202 thentransmits (at 402) that personally identifiable information to anidentity locator 100. For the sake of this illustrative example, it ispresumed here that the requesting entity 202 creates a canonical hash ofthe personally identifiable information and accordingly transmits thatcanonical hash to convey a representation of the personally identifiableinformation that is otherwise unintelligible to the identity locator100.

The latter then transmits the personally identifiable information (at403) to an identity block chain ledger 201. After identifying thesynthetic identifier that correlates to that personally identifiableinformation, the identity block chain ledger 201 transmits (at 404) thesynthetic identifier to the identity locator 100. The identity locator100 then transmits (at 405) the synthetic identifier to the requestingentity 202. The latter can then utilize the synthetic identifier in atransmission (at 406) to a data storage element 203 to request otherdata that correlates to the synthetic identifier (and hence whichcorrelates to the particular entity 204). Upon retrieving this otherdata, the data storage element 203 then transmits (at 407) the otherdata to the requesting entity 202.

So configured, information about and/or provided by various specificentities can be stored with a high degree of confidentiality as well asveracity. Without understanding how the synthetic identifiers correlateto particular entities, an unauthorized access to the other data canyield no information that can be correlated back to the originalentities themselves. While the other data might be accessed via someunauthorized breach, the other data cannot be connected to thecorresponding entities to which the other data pertains and henceprivacy and security is achieved. This holds true regardless of thecomputational capacity and wherewithal available to the unauthorizedparty.

Those skilled in the art will recognize that a wide variety ofmodifications, alterations, and combinations can be made with respect tothe above described embodiments without departing from the scope of theinvention. As one example in these regards, the aforementioned identityblock chain ledger can be wholly privately maintained or can becontrolled, monitored, and/or regulated by a regulatory agency,governing body, industry group, consortium, or otherwise as desired.Accordingly, it will be understood that such modifications, alterations,and combinations are to be viewed as being within the ambit of theinventive concept.

What is claimed is:
 1. A method comprising: by a control circuit: receiving a hash of personally identifiable information that corresponds to a particular entity; truncating the hash of personally identifiable information to provide a truncated hash of personally identifiable information; using the truncated hash of personally identifiable information to access a block chain ledger; receiving from the block chain ledger at least one encryption value comprised of encrypted data that results from encrypting data that includes a synthetic identifier that correlates to the personally identifiable information and that also correlates to other data that corresponds to the particular entity where the other data is stored in a data storage element other than the block chain ledger; and using the hash of the personally identifiable information as a symmetric key to decrypt at least one of the at least one encryption value in an attempt to retrieve the synthetic identifier, wherein no indication is provided by the truncated hash of personally identifiable information as to which, if any, of the at least one encryption value is decrypted by the control circuit to successfully recover the synthetic identifier.
 2. The method of claim 1 wherein the personally identifiable information includes data that corresponds to the particular entity other than in context with respect to the synthetic identifier.
 3. The method of claim 2 wherein the personally identifiable information that corresponds to the particular entity comprises at least one of a name, a taxpayer number, a social security number, a date of birth, a passport number, a military identification number, and a physical mailing address.
 4. The method of claim 1 wherein receiving the hash of personally identifiable information comprises at least one of: receiving a clear hash of personally identifiable information; and receiving a non-clear hash of personally identifiable information.
 5. The method of claim 1 wherein receiving the hash of personally identifiable information comprises receiving a non-clear hash of personally identifiable information, the method further comprising: processing the non-clear hash of personally identifiable information to recover a clear hash of personally identifiable information.
 6. The method of claim 1 wherein the block chain ledger is specific to a corresponding region.
 7. The method of claim 6 wherein the corresponding region comprises at least one of a geographic region, a political region, and an economic region.
 8. The method of claim 1, wherein: receiving the hash of personally identifiable information comprises receiving the hash of personally identifiable information from a requesting entity; and wherein the method further comprises: providing the synthetic identifier to the requesting entity.
 9. The method of claim 8 wherein the requesting entity is different from the particular entity.
 10. The method of claim 1 wherein the synthetic identifier specifically and only serves to correlate the particular entity to the other data.
 11. The method of claim 1 wherein the block chain ledger only serves to correlate personally identifiable information with corresponding synthetic identifiers.
 12. An apparatus comprising: a network interface; a control circuit operably coupled to the network interface and configured to: receive, via the network interface, a hash of personally identifiable information that corresponds to a particular entity; truncating the hash of personally identifiable information to provide a truncated hash of personally identifiable information; use the truncated hash of personally identifiable information to access a block chain ledger via the network interface; receive, via the network interface and from the block chain ledger, at least one encryption value comprised of encrypted data that results from encrypting data that includes a synthetic identifier that correlates to the personally identifiable information and that also correlates to other data that corresponds to the particular entity and which other data is stored in a data storage element other than the block chain ledger; and using the hash of the personally identifiable information as a symmetric key to decrypt at least one of the at least one encryption value in an attempt to retrieve the synthetic identifier, wherein no indication is provided by the truncated hash of personally identifiable information as to which, if any, of the at least one encryption value is decrypted by the control circuit to successfully recover the synthetic identifier.
 13. The apparatus of claim 12 wherein the personally identifiable information includes life-event information for the particular entity comprising at least one of a name, a taxpayer number, a social security number, a date of birth, a passport number, a military identification number, and a physical mailing address.
 14. The apparatus of claim 12 wherein the control circuit is configured to receive the hash of personally identifiable information by at least one of: receiving a clear hash of personally identifiable information; and receiving a non-clear hash of personally identifiable information.
 15. The apparatus of claim 12 wherein the control circuit is configured to receive the hash of personally identifiable information by receiving a non-clear hash of personally identifiable information, and wherein the control circuit is configured to: process the non-clear hash of personally identifiable information to recover the personally identifiable information.
 16. The apparatus of claim 12 wherein block chain ledger is specific to a corresponding region.
 17. The apparatus of claim 16 wherein the corresponding region comprises at least one of a geographic region, a political region, and an economic region.
 18. The apparatus of claim 12 wherein the control circuit is further configured to: provide the synthetic identifier to a requesting entity.
 19. The apparatus of claim 18 wherein the requesting entity is different from the particular entity.
 20. The apparatus of claim 12 wherein the synthetic identifier specifically and only serves to correlate the particular entity to the other data. 